What is the severity of CVE-2020-23490?

CVE-2020-23490 is considered a high severity vulnerability due to the potential for unauthorized access to sensitive files.

How do I fix CVE-2020-23490?

To fix CVE-2020-23490, upgrade AVideo to version 8.9 or later where the vulnerability has been patched.

Who is affected by CVE-2020-23490?

AVideo versions prior to 8.9 are affected by CVE-2020-23490.

What types of sensitive information can be exposed by CVE-2020-23490?

CVE-2020-23490 can expose sensitive information such as database credentials and system files like /etc/passwd.

Can CVE-2020-23490 be exploited by unauthenticated attackers?

Yes, CVE-2020-23490 can be exploited by unauthenticated attackers to read arbitrary files on the server.

Vulnerability/
CVE-2020-23490

high

7.5

16/11/2020

4/8/2024

CVE-2020-23490

First published: Mon Nov 16 2020(Updated: )

There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WWBN AVideo	<8.9

Remedy

https://github.com/WWBN/AVideo/commit/218c98cbd4a4a2c15745852bcd0f29faf101bd8c

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-23490?
CVE-2020-23490 is considered a high severity vulnerability due to the potential for unauthorized access to sensitive files.
How do I fix CVE-2020-23490?
To fix CVE-2020-23490, upgrade AVideo to version 8.9 or later where the vulnerability has been patched.
Who is affected by CVE-2020-23490?
AVideo versions prior to 8.9 are affected by CVE-2020-23490.
What types of sensitive information can be exposed by CVE-2020-23490?
CVE-2020-23490 can expose sensitive information such as database credentials and system files like /etc/passwd.
Can CVE-2020-23490 be exploited by unauthenticated attackers?
Yes, CVE-2020-23490 can be exploited by unauthenticated attackers to read arbitrary files on the server.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/remedy
agent/author
agent/description
agent/event
agent/tags
agent/first-publish-date
agent/source
vendor/wwbn
canonical/wwbn avideo

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2020-23490?
CVE-2020-23490 is considered a high severity vulnerability due to the potential for unauthorized access to sensitive files.
How do I fix CVE-2020-23490?
To fix CVE-2020-23490, upgrade AVideo to version 8.9 or later where the vulnerability has been patched.
Who is affected by CVE-2020-23490?
AVideo versions prior to 8.9 are affected by CVE-2020-23490.
What types of sensitive information can be exposed by CVE-2020-23490?
CVE-2020-23490 can expose sensitive information such as database credentials and system files like /etc/passwd.
Can CVE-2020-23490 be exploited by unauthenticated attackers?
Yes, CVE-2020-23490 can be exploited by unauthenticated attackers to read arbitrary files on the server.